Acceptable Use Policy
Purpose
This Acceptable Use Policy outlines acceptable uses of university-provided Information Technology Resources (ITRs), as defined in the Appendix. This policy strives to outline a balance between users’ rights to academic freedom, privacy, and free expression against users’ responsibilities to use ITRs responsibly, ethically, and legally.
ITRs are intended to be used to further the research, education, and administrative functions of the university. To achieve this purpose, this policy intends to:
- Ensure the integrity, reliability, and good performance of ITRs;
- Ensure that the university community understands and follows technology practices which will safeguard the rights of all members;
- Ensure that ITRs are used for their intended purposes; and
- Establish sanctions and processes for addressing violations.
Scope
This policy applies to all students, faculty, staff, alumni, contractors, guests, third parties, and any other individuals using university-provided ITRs.
Policy
Proper Authorization and Appropriate Use
ITRs may only be used for their intended, authorized purposes by authorized university users.
Commercial Use
Without specific written authorization, activities using ITRs for personal commercial purposes are prohibited. This is not meant to restrict normal communications and exchange of electronic data, consistent with education and research roles, that may have a financial benefit for an external organization. For example, it is appropriate to discuss products or services with companies doing business with the university or to contribute to online forums discussing issues relating to commercial products. Inappropriate use would include activities such as using a university-based web site to run a personal for-profit business.
User Privilege – Limited Confidentiality
System Administrators and users make reasonable efforts to maintain the confidentiality of systems and their data. However, limits and risks do apply to confidentiality, from technical limitations, software bugs, system failures, and other sources.
When the university needs to access data stored in ITRs normally only accessible to a single user, it will follow the Electronic Data Access Policy at https://www.wesleyan.edu/its/policies/Electronic%20Data%20Access%20Policy.html to access that data.
User Privilege – Fair Process
University users have the right to fair process in cases of discipline resulting from policy violations. The process used will be the same process, based on their relationship to the university, normally available to the user if they are accused of a policy violation.
User Responsibility – Personal Account Security
Users are responsible for the security of their university accounts and passwords. Passwords assigned to a single user’s account are not to be shared with any other person. Users are responsible for any activity carried out under their university account.
User Responsibility – Guest Accounts
Faculty and staff can work with ITS to determine if it is appropriate for a guest to receive a university account. All guest accounts require an identified sponsor and will have a defined end date. Guest accounts are covered by the same university policies that apply to faculty and staff accounts.
User Responsibility – Unauthorized Use
Users must not permit or assist any unauthorized person to access university systems. For example, non-public ITRs may not be used by any organization not affiliated with the university without appropriate authorization. That authorization must be communicated in writing to at least one member of the ITS leadership team.
User Responsibility – Content
Users publish institutional information in a variety of electronic forms. Such institutional information will normally be identified by a statement of the Certifying Authority publishing the information. A “Certifying Authority” is the university department or individual who certifies the accuracy of an electronic document and its appropriateness for the conduct of university business. Examples of such data would be a Transcript, Admission Letter of Acceptance, or W2 Tax Form.
Users also publish information in electronic forms on university ITRs. The university has no intention or opportunity to screen such private material and thus cannot assure its accuracy or assume any responsibility for this material. Any electronic publication provided on or over university ITRs not identified by a Certifying Authority is the private speech of an individual user. For posts made to blogs and wikis, the administrator of those systems is responsible for reviewing comments before they are posted and has the right to not publish individual comments. Unmoderated comments are only allowed on blogs and wikis that cannot be accessed without first authenticating with a university account.
This document does not waive any claim that the university may have to ownership or control of any hardware, software, or data created on, stored on, or transmitted through university ITRs.
User Responsibility – Data Storage on ITRs
Faculty, staff, and students may request storage on university-administered ITRs. Requests for storage may include storage for articles, presentations, posters, papers, data, computer code, images, and sounds, with the possible intent to be readily made available on or through the repository.
Users may not:
- Interfere or attempt to interfere with the proper operation of ITRs;
- Attempt to gain or encourage others to gain unauthorized access to ITRs;
- Sell, lease, license, assign, transfer, distribute or otherwise charge or encumber or commercially exploit ITRs or any part thereof except with express written permission; or
- Misuse ITRs (including by hacking or by knowingly or negligently introducing malware) or use the repository in breach of any applicable laws.
In addition, users may not deposit, upload, or post links to any types of materials in or to ITRs that facilitate criminal activity or violate any applicable law.
User Responsibility – Removal of University Data from Mobile Devices
Users need to ensure that all university data has been removed from their mobile devices before disposal or recycling of those devices.
User Responsibility – Copyright
Users must observe intellectual property rights including copyright laws as they apply to software and electronic forms of information. Information about the university's process for the Digital Millenium Copyright Act can be found at https://www.wesleyan.edu/its/policies/dmca.html.
User Responsibility – Contracts and License Agreements
All use of ITRs must be consistent with all contractual obligations of the university, including limitations defined in software and other licensing agreements.
User Responsibility – Record Retention
Record retention should follow the guidelines of the General Counsel's Record Retention Policy as found at: http://www.wesleyan.edu/generalcounsel/policies.html.
User Responsibility – Reporting of Violations
Users must not conceal or help to conceal violations by any other party. Users are expected to report any evidence of actual or suspected violation of these policies to the Chief Information Officer or the Chief Information Security Officer.
User Usage Violations – Security
Users must not try to defeat security measures on any ITRs, including exploiting vulnerabilities, misconfigurations, or obtaining the passwords of other users.
User Usage Violations – Unauthorized access
Users must not attempt to access ITRs that they are not authorized to access, and users must not change ITRs that they are not authorized to change. Attempts to intercept data communications intended for another user, such as through network sniffing, monitoring, wiretapping, and other means are a form of unauthorized access.
User Usage Violations – Concealed Identity
When providing identifying information to an ITRs, users must provide accurate information. Anonymous postings to ITRs, including blogs and wikis, is not permitted. Administrators of blogs and wikis are not permitted to reconfigure those systems to allow anonymous postings. Users cannot impersonate other users. ITS employees are permitted to impersonate users to perform troubleshooting tasks for a user who has reported an issue that cannot otherwise be replicated.
User Usage Violations – Denial of Service
Users must not attempt to prevent others from accessing ITRs or to degrade the performance of ITRs for other users.
User Usage Violations – Unauthorized Data Access
Users must not access or attempt to either access or change data on ITRs unless they are authorized to do so. Users must not intercept or attempt to intercept data communications not intended for them. Prohibited interception techniques include, but are not limited to, network sniffing, packet capturing, and wiretapping.
User Usage Violations – Threats and Harassment
Users may not use ITRs to threaten or harass another person. Users may not interfere with another user’s normal use of ITRs.
User Usage Violations – Adding Unauthorized Network Equipment
Users may not add network equipment, including but not limited to routers, hubs, switches, and wireless access points, to the network without explicit written approval from the ITS Network team.
University Rights – Personal Identification
Users of ITRs must show identification including university affiliation upon request of university staff.
University Rights – Access to Data
Users must allow ITS staff to access data files on ITRs for the purposes of making backups, diagnosing system problems, and investigating policy violations.
University Rights – Oversight Authority
The Chief Information Security Officer, in accordance with the Electronic Data Access Policy, is authorized to investigate alleged or apparent violation of university policy or applicable law involving ITRs
University Rights – Enforcement Procedures
While user activity is being investigated, that user’s privileges to use ITRs may be reduced or suspended. If the investigation identifies a potential violation of university policy the investigation will be routed to the appropriate disciplinary body based on the user’s affiliation with the university. In addition to discipline by the university, users may be subject to criminal prosecution, civil liability, or both for unlawful use of any university systems.
University Rights – Access Removal and Content Deletion upon Separation
Users should expect that they will lose access to some or all ITRs and may have content deleted when they separate from the university.
University Rights – Ownership of University Social Media Accounts
Any social media accounts which are created for university purposes, other than those created for use by student organizations, are the property of the university.
Appendix
Definitions and Terms
Information Technology Resources (ITRs) – This includes, but is not limited to, end-user computing devices, services, networks, email, software, printers, scanners, video distribution systems, telephone systems, fax systems, and other computer hardware and software, whether owned by the university or contracted by the university from a third party.
Revision History
Revised August 2024
Revised June 2020
Initial adoption date not recorded